hello today I'm going to show you major security Incident Management part of the portfolio of Security operation Solutions on the service now platform in this video we'll showcase some of the incredible collaboration features that can help major security incident responders and managers resolve major security incidents more efficiently and effectively here we are as major security incident manager Amanda crane in the major security Incident Management or MS IM workspace here we have a ransomware incident this was a security incident involving many users that was promoted to a major security incident or MSI when a security incident is determined to be major it can be proposed or promoted to create an MSI with the click of a button the MSI record is generated along with chat channels and folders to facilitate collaboration as soon as the MSI is opened as the incident manager I can see relevant information that rolled up from the security incident here I can see an executive summary highlighting incident impact duration a timeline of key events and related security incidents and tasks I can clearly see the MSI code name is Red Dragon at the top left side which is a useful way for everyone working on the MSI to refer to it and find it quickly within service now and in external chat channels heading over to the collaboration t tab now that the security incident has been declared major Microsoft teams chat channels and SharePoint folders have been automatically created so you don't have to manually create them every time you declare an MSI msim now also integrates with slack for chat Channel creation to now this incident manager can spend more time focusing on critical work to resolve this incident and the team working on the MSI have the ability to collaborate and chat about it right away the team can immediately upload files and folders including log files and artifacts that they may need to collaborate and respond to this incident effectively with msim you have the flexibility to decide how many chat channels you want to create with each MSI and who you want to be included in each chat Channel you can even create a new chat Channel within msim in this organization they've chosen to automatically create three channels one General channel one for their sock team and one for their legal team over in Microsoft teams I can see the chat channels created for the team which are easy to find since they're labeled with the MSI code name red dragon Amanda sends a quick message to incident responder Adam long reminding them to share the relevant log file for the incident switching over to instant responder Adam Long's view of things he sees a new message from his manager reminding him to share the relevant log file no problem with msim shared folders are automatically created in SharePoint allowing team members working on the incident to upload relevant files into a shared repository right away no time spent having to create a folder structure that's all been done for you and it's linked directly from the MSI record now it's easier than ever to share and access files from one central location back in msim we can see that the incident responder has a modified view of the MSI with just the access he needs needs allowing him to see the most relevant information for his role and get work done more efficiently back on the collaboration tab as incident manager Amanda you can view and search through files and all the recent activity on this MSI such as searching for uploaded log files there's a file great just like with security incident response activity is logged so that team members can easily see what work has been done on the incident and search through aggregated chat messages and SharePoint files or filter by activity type group person label date or time range let's see what incident responder Adam has been up to on this incident in addition to quickly searching across multiple sources we can even label this file or log it as a timeline event now we can have visibility into this important event in a timeline view next legal wants to have a quick call to get up to speed thanks to Integrations with Microsoft teams Cisco webx and zoom Amanda can start a conference call directly from within the msim workspace making it easy to get connected in real time Amanda wants to send an email update to her ciso so she quickly crafts a status report in an email format to send off email reports are an easy way to share updates in a mobile friendly format from the now platform PDF reports can also be generated and saved shared or downloaded from msim these reports can be configured to meet your organization's specific needs or you can use available outof thee boox reports you can also edit the report from the workspace and save it for later or email the report to selected internal or external recipients from an admin perspective setting up the configurations for these msim chat channels and file sharing folders is flexible and Easy in the now platform here admins can decide how many chat channels to set up for their organization with each MSI I and the individual users or groups to be included in each Channel saving time and allowing teams to collaborate instantly once an major security incident is created as you can see this organization wants to have a separate dedicated channel for their legal team as well as one for their sock team even better you don't have to add members one by one now you can add tens or even hundreds of people to a single Channel by adding groups to the channel and service now similarly folder templates can be tailored to meet your organization's needs in just a few simple steps you can choose to set up one or more folders along with specifying what individual users or groups get access to these folders so the next time you're faced with an MSI folders are automatically created enabling your team to start storing and sharing pertinent files and artifacts in one central place right away today we've seen how the major security Incident Management solution provides a collaboration Hub AC AC cross the Enterprise for teams working on major security incidents to drive improved communication coordination and faster resolution of major security incidents by enabling seamless collaboration across all parties involved in managing major security incidents major security incident responders and managers can act swiftly with all of the information needed to make more effective decisions and resolve major security incidents more efficiently improving your organization's security and risk posture thanks for watching watching